Skip navigation

The End of Passwords

By Alan Kramer, UPEK -- Electronic News, 10/12/2005

With any new technology, the market rewards breakthrough innovation when it is timed perfectly to coincide with an acute customer need, as evidenced by the recent success of RIM’s Blackberry and Apple’s iPod. Sometimes, though, a breakthrough innovation misses the mark by arriving too far in advance of the customer need.  John Sculley’s Apple blazed a new trail with the Newton handheld, for example, only to find itself many years ahead of the demand curve for personal digital assistants. 

Aided by the benefits of hindsight, it always seems like the really cool innovations have a sense of inevitability about them; and they can also make everything that came before them seem almost quaint by comparison.
 
In the age of googling information on the Internet, for example, the not so-distant days of encyclopedia salesmen going door-to-door already seem like ancient history. Or in this age of the mobile phone, when was the last time anyone used a public telephone booth and had to hunt for dimes and quarters?

We are right in the middle of another such market moment, where innovation has intercepted a burning customer need. You know all those security passwords people carry around, the ones that permit access to bank ATM machines, eCommerce Web sites and protected information networks?  They will be shoved into obsolescence, supplanted by more secure and convenient biometric access technology.

Reliable and affordable fingerprint identification systems, already in use and pushing into prime time, are taking over.  With the swipe of a person’s finger, for example, a ThinkPad notebook computer can identify and authenticate the rightful owner of the machine. IBM, and now Lenovo, is using biometric ID systems as a key feature in selling “the world’s most secure” notebook computer. Other computer and electronics companies are following suit.  It’s easy to see why.

With more and more information, commerce, communication and entertainment delivered in digital form over high-speed networks, the average person is using many different passwords to protect access. The level of sensitivity and the type of information under protection varies widely, as does the response of the user to assorted security threats. Thus, we hope, extra vigilance and care will go into the protocol that keeps one’s personal bank account information private. The individual access code on a cell phone may not carry the same level of attention to protection, but even that has a cost.  Remember what happened with Paris Hilton’s hacked PDA?  To more and more people around the world who embrace the digital lifestyle, passwords are a fact of life. To make matters worse, passwords are a pain and don’t really do the job of securing access to any real degree.

We all know the drill with passwords. People tend to use the same ones over and over again, to help remember them. The problem is that hackers understand the inverse relationship between security and convenience -- passwords that are easy to remember.  Figure out a person’s scheme for one password, and you likely unlock a slew of others. 
Is the password a permutation of names and birthdates? Or the name of one’s dog or mockingbird? One password, used for recurring access requirements, is intrinsically less secure than many passwords. 

Some people manage this problem with different tactics. Some reserve their mother’s maiden name as a password clue for really important things, for example, but use a more general-purpose clue at other times. We all know the reality of “Post-it Note security” -- those sticky strips of paper people use as memory aids to remember different login names and passwords. Once written down, these pieces of paper can be lost and occasionally fall into the wrong hands. There is, here again, a tradeoff between information security and what’s convenient.

Of course, other technologies exist that serve to safeguard and protect passwords, as opposed to eradicating them; for example, a digital lockbox where all of one’s passwords are stored in an encrypted file that is itself protected by a password. Effective as this method is, it overlooks an important dimension of human behavior -- how many of us really want to go to the trouble of placing all of our passwords in a single lock box? A few security-minded folks, perhaps, but not the general public. And what if the one password that protects all of the others falls into the wrong hands?

For that reason, the market is promptly validating biometric technology, moving from the early customer ramp to larger-scale market adoption. For example, in the notebook market alone, IBM/Lenovo, Sony, NEC, Toshiba and Hewlett-Packard have all announced products that feature biometric access as a standard option on selected models. Within the next year, I believe that every top-tier notebook provider will offer a product enabled with biometrics. And that’s just notebooks. An array of devices can and will profit from biometrics, ensuring that markets from mobility to enterprise will have the highest level of security. The technology is simply a better way to solve the problem of providing secure access to digital information assets that is also convenient for the user.

As with all fundamental advances in technology, the supplanting of fallible password protection schemes with biometric ID systems delivers an even bigger benefit than one might imagine. Passwords, even when perfectly applied, can only authorize a given user to a system. That user ID can be shared, creating the potential for security breach. With biometric ID systems, the specific individual -- not the user -- is identified and authorized to work with the particular machine or information service. With the spread of this technology, people will not only find it easy to secure access to their notebook computers, but also to their mobile phones, personal music players and song libraries, and just about anything digital that is of personal value. 

We should not lament the passing era of passwords. They did their job for a time.  There is just a better way to provide easy and secure access to digital assets with biometric ID systems. We can forget the hassle and vulnerability of having to remember a multitude of passwords. Just a swipe of the index finger on an access system and you gain admission -- complete with peace of mind.  At a modest cost to the manufacturer of the digital device, the customer is afforded a much higher level of security without any of the hassle associated with passwords.  This is another small but useful milestone on the path of human progress. Passwords may be doomed, but the protection will be better than ever. 

Alan Kramer is president, CEO and founder of biometric fingerprint security player UPEK Inc.


ADVERTISEMENT
ADVERTISEMENT

Feedback Loop


Post a CommentPost a Comment

There are no comments posted for this article.

By This Author

There are no additional articles written by this author.


ADVERTISEMENT

Newsletters

EDN Global Innovators 11/21/2008

Electronic News Today 11/21/2008

EDN on Components: LED flashlight, new products, more... 11/20/2008

Sign UpSign Up

Knowledge Center

Events

Screaming Circuits
Dates: 10/20/2008 - 12/31/2008
Location: 14940

Submit an EventSubmit an Event

Reference Designs

Bluetooth MP3 ref design

Audio-Mojo: QF1D512 Simple and versatile FIR engine (SavFIRe) Development Board for Audio Applications

Complete Two-Way Crossover Network in a Single Chip

Submit a DesignSubmit a Design

Press Releases

$2 Million Handcrafted Luxury Car Designed with NVIDIA Quadro Graphics

"adhere" launches premier cyanoacrylate "instant" adhesive

0.9 Ultra Low Voltage 8bit Flash MCU family

Submit a ReleaseSubmit a Release

Technology Quick Links

EDN Marketplace

About Us   |   Contact Us   |   Free Email Newsletters   |   Free Magazine Subscription  |   Advertising   |   RSSRSS   

©1997-2008 Reed Business Information, a division of Reed Elsevier Inc. All rights reserved.
Use of this Web site is subject to its Terms of Use | Privacy Policy

Please visit these other Reed Business sites